AWS Has Head Start Helping Navigate Regulatory Compliance In The Cloud

12 Jan 2018

I’m providing API guidance on a project being delivered to a government agency, as part of my Skylight partnership, and found myself spending more time looking around the AWS compliance department. You can find details on certifications, regulations, laws, and frameworks ranging from HIPPA and FERPA to FedRAMP, so that it can be used by federal government agencies in the United States, and other countries. You can find a list of services that are in scope, and track on their progress when it comes to compliance across this complex web of compliance rules. I’ve been primarily tracking on the progress of the AWS API Gateway which is currently in progress when it comes to FedRAMP compliance.

When it comes to regulatory compliance, AWS has a significant leg up on its competitors, Google and Microsoft. Both of these cloud platforms have existing regulatory efforts, but they aren’t as organized, or as far along as AWS’s approach to delivering in this area. Delivering cloud solutions that are compliant gives AWS a pretty significant advantage when it comes to first impressions with government agencies, and enterprise organizations operating within heavily regulated industries. Once this impression is made, and these groups have gotten a taste of AWS, and migrated systems, and data to their cloud, it will be hard to change their behavior.

As this whole Internet thing grows up, regulatory compliance is unavoidable. Many companies, organizations, institutions, and government agencies we are selling to are already needing to deliver when it comes to compliance, but even for the shiny new starts breaking new ground, at some point you will have to mature and deliver within regulatory constraints. Making AWS a pretty appealing place to be publishing databases, servers, and I’m hoping pretty soon, APIs using AWS API Gateway. If you are on the AWS API Gateway team, I’d love to get an update on the status, as I have a big government project I’d love to deploy using the API Gateway, instead of another industry provider gateway solution.